HostAccess

class
Superclass
Strelka::AuthProvider
Included Modules
Configurability
Strelka::Constants
Strelka::MethodUtilities
Extended With
Loggability

HostAccess AuthProvider class – restricts access to requests coming from a list of netblocks.

You can configure the allowed netblocks in the auth section of the config:

auth:
  allowed_netblocks:
  - 127.0.0.0/8
  - 10.5.3.0/22

Constants

DEFAULT_ALLOWED_NETBLOCKS

The default list of netblocks to allow

Attributes

allowed_netblocks[R]

An Array of IPAddr objects that represent the netblocks that will be allowed access to the protected resources

Public Class Methods

new( * )

Create a new HostAccess AuthProvider, initialized with the default allowed netblocks.

# File lib/strelka/authprovider/hostaccess.rb, line 41
def initialize( * )
        super

        self.allowed_netblocks = DEFAULT_ALLOWED_NETBLOCKS

        # Register this instance with Configurability
        config_key :hostaccess
end

Public Instance Methods

allowed_netblocks=( newblocks )

Set the list of allowed netblocks to newblocks.

# File lib/strelka/authprovider/hostaccess.rb, line 61
def allowed_netblocks=( newblocks )
        @allowed_netblocks = Array( newblocks ).map {|addr| IPAddr.new(addr) }
end
authorize( _, request, _ )

Check authorization for the specified request by testing the IP in its X-Forwarded-For header against the allowed_netblocks.

# File lib/strelka/authprovider/hostaccess.rb, line 79
def authorize( _, request, _ )
        client_ip = request.header.x_forwarded_for or
                raise "No X-Forwarded-For header?!"
        addr = IPAddr.new( client_ip )

        return true if self.in_allowed_netblocks?( addr )

        return false
end
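
The method above hands the whole X-Forwarded-For value to IPAddr.new, so it relies on the front-end proxy setting that header to a single address; a comma-separated hop list raises instead of returning false. The following is an added example, not part of the Strelka source, showing a fail-closed variant of the same check. The helper names, the TRUSTED_PROXIES list and the sample addresses are assumptions, as is the premise that each of your own proxies appends the peer address it observed.

```ruby
require 'ipaddr'

# Constructed sample values (assumptions, not taken from the Strelka source).
# Note: IPAddr masks 10.5.3.0/22 down to 10.5.0.0/22, so the block from the
# page's config admits 10.5.0.0 through 10.5.3.255.
ALLOWED_NETBLOCKS = %w[127.0.0.0/8 10.5.3.0/22].map { |nb| IPAddr.new(nb) }
TRUSTED_PROXIES   = %w[192.0.2.10].map { |nb| IPAddr.new(nb) }

# Hypothetical helper: pick the client address out of an X-Forwarded-For
# value. Hops are read right to left, because only entries appended by our
# own proxies are trustworthy; anything further left is client-supplied.
# Returns an IPAddr, or nil if the header is missing or malformed.
def client_addr_from_xff( value, trusted = TRUSTED_PROXIES )
  hops = value.to_s.split( ',' ).map( &:strip )
  return nil if hops.empty? || hops.any?( &:empty? )

  hops.reverse_each do |hop|
    return nil if hop.include?( '/' )   # a hop must be a host, not a netblock
    addr = begin
      IPAddr.new( hop )
    rescue IPAddr::Error
      return nil                        # fail closed on unparseable input
    end
    return addr unless trusted.any? { |nb| nb.include?(addr) }
  end
  nil                                   # every hop was one of our own proxies
end

# Hypothetical counterpart of HostAccess#authorize: denies instead of raising.
def xff_allowed?( value, netblocks = ALLOWED_NETBLOCKS )
  addr = client_addr_from_xff( value ) or return false
  netblocks.any? { |nb| nb.include?(addr) }
end

if $PROGRAM_NAME == __FILE__
  # Constructed header values.
  [ "10.5.3.7", "127.0.0.1, 203.0.113.9",
    "203.0.113.9, 10.5.1.20, 192.0.2.10", "not-an-ip" ].each do |xff|
    puts "#{xff.inspect} => #{xff_allowed?( xff )}"
  end
end
```

The second sample is the case to watch: the leftmost entry claims 127.0.0.1, but the address the proxy actually observed is 203.0.113.9, so the request is denied.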
configure( config=nil )

Configurability API – configure the auth provider instance.

# File lib/strelka/authprovider/hostaccess.rb, line 67
def configure( config=nil )
        self.log.debug "Configuring %p with config: %p" % [ self, config ]
        if config && config['allowed_netblocks']
                self.allowed_netblocks = config['allowed_netblocks']
        else
                self.allowed_netblocks = DEFAULT_ALLOWED_NETBLOCKS
        end
end
in_allowed_netblocks?( ipaddr )

Returns true if the given ipaddr is in the allowed_netblocks.

# File lib/strelka/authprovider/hostaccess.rb, line 91
def in_allowed_netblocks?( ipaddr )
        return self.allowed_netblocks.any? {|nb| nb.include?(ipaddr) }
end